1. Field of the Invention
The present invention relates to a system for preventing IP (Internet Protocol) allocation to a cloned mobile communication terminal and, more particularly, to a technique of preventing a cloned mobile communication terminal from accessing a network.
2. Description of Related Art
FIG. 1 illustrates a mobile communication system for providing packet data services.
A mobile communication system 10 includes a base transceiver station (BTS) 11, a base station controller (BSC) 12, a packet control function (PCF) 13, a packet data serving node (PDSN) 14, a home agent (HA) 15, and an authentication, authorization and accounting (AAA) 16.
The BTS 11 exchanges voice and data with a mobile station (MS) 20 over a wireless interface.
The BSC 12 is responsible for the exchange of messages towards the MSC (mobile switching center) and the BTS 11. Traffic and signaling transferred between the MSC and MS 20 will usually pass transparently through the BSC 12.
The PCF 13 controls the transmission of packets between the BSC 12 and the PDSN 14.
The PDSN 14 is responsible for the establishment, maintenance and termination of a link layer session towards the MS 20.
The HA 15 is the function within the mobile IP architecture responsible for routing data to mobile stations currently attached to a foreign network. This is achieved through a tunneling process in which a Care-of-Address (CoA) is used to deliver the data to the mobile station 20. The HA 15 communicates with the AAA 16 for the purpose of user authentication.
The AAA 16 is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security.
The MS 20 is required to access the Internet through mobile IP in order to use a mobile browser, Multimedia Messaging Service (MMS), or BREW applications.
The HA 15 is responsible for the registration of mobile IP. In more detail, when the MS 20 sends an IP registration request message (RRQ) to the HA 15, the HA 15 checks whether or not there is an IP address available. When there is an IP address available, the HA 15 allocates the IP address to the MS 20 and sends an IP registration reply message (RRP) to the MS 20, thereby completing IP registration. The above-mentioned IP registration process is well known in the art and a detailed description thereof will thus be omitted herein.
According to the prior art, a hash value is used as the MN-HA Shared Secret or MN-AAA Shared Secret, which serves as the password for authentication during mobile IP access. The hash value is obtained by hashing an electronic serial number (ESN) or an authentication key issued to a user in a mobile communication system with a hash function.
Accordingly, if the hash value is copied to a memory unit of a cloned mobile station or is generated using a manufacturer's specification, the hash value matches the hash value stored in the mobile communication system when the two are compared, and an IP address is allocated to the cloned mobile station during the IP registration process. As a result, it is not possible to prevent the cloned mobile station from accessing the network.
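The following simplified model of the registration exchange is an added illustration, not part of the original disclosure. It shows why a shared secret derived only from a static identifier gives the HA nothing with which to tell a genuine station from a clone. SHA-256, HMAC, the message layout, the class and function names, and all sample values are assumptions made for the example.

```python
import hashlib
import hmac

def derive_shared_secret(esn: str) -> bytes:
    # Assumption: SHA-256 stands in for the unspecified hash function.
    return hashlib.sha256(esn.encode()).digest()

def build_rrq(nai: str, care_of: str, secret: bytes) -> dict:
    # Simplified RRQ: identity, care-of address, keyed authenticator.
    body = f"{nai}|{care_of}".encode()
    return {"nai": nai, "care_of": care_of,
            "auth": hmac.new(secret, body, hashlib.sha256).digest()}

class HomeAgent:
    def __init__(self, subscribers: dict, pool: list):
        # The network stores one hash value per subscriber (prior-art scheme).
        self.secrets = {nai: derive_shared_secret(esn)
                        for nai, esn in subscribers.items()}
        self.pool = list(pool)

    def register(self, rrq: dict) -> dict:
        secret = self.secrets.get(rrq["nai"])
        if secret is None:
            return {"code": "denied", "ip": None}
        body = f"{rrq['nai']}|{rrq['care_of']}".encode()
        expected = hmac.new(secret, body, hashlib.sha256).digest()
        # The only check is possession of the hash value; nothing binds
        # the request to one physical handset.
        if not hmac.compare_digest(expected, rrq["auth"]):
            return {"code": "denied", "ip": None}
        if not self.pool:
            return {"code": "no_address", "ip": None}
        return {"code": "accepted", "ip": self.pool.pop(0)}

def demo() -> dict:
    esn = "0x80C3A1F7"  # constructed sample ESN
    nai = "user@example.net"  # constructed sample identity
    ha = HomeAgent({nai: esn}, ["10.0.0.10", "10.0.0.11"])
    genuine = build_rrq(nai, "192.0.2.1", derive_shared_secret(esn))
    clone = build_rrq(nai, "198.51.100.7", derive_shared_secret(esn))
    wrong = build_rrq(nai, "203.0.113.9", derive_shared_secret("0x00000000"))
    return {"genuine": ha.register(genuine),
            "clone": ha.register(clone),
            "wrong": ha.register(wrong)}

if __name__ == "__main__":
    for station, reply in demo().items():
        print(station, reply)
```

Both the genuine and the cloned station receive an address because their authenticators are computed from the same stored value; only a station without the correct hash value is refused.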